The agent doing the right thing every call.
Pause-and-resume asks the agent to press a button before the customer reads their card number aloud and another button after. On a quiet morning with an experienced agent, it works fine. On a busy Friday with a queue of calls and a customer who starts reading their digits before the agent expected, it doesn't. We've seen audit logs where the pause fired 0.4 seconds late — that's enough for the first three or four digits of the PAN to land in the recording, and that recording is now full cardholder data sitting in your archive.
Even when the pause fires perfectly, the architecture has bigger holes. The agent still hears the customer reading their card aloud, which means a workstation microphone in a home office or a colleague at the next desk also hears it. The agent still types the digits into your CRM or payment screen, which means the workstation, the CRM and every system between them are in PCI scope. QA platforms that ingest the live audio stream rather than the post-call recording capture the digits before the pause-and-resume logic ever runs. None of those gaps are fixed by pressing a button.
PCI DSS 4.0 has been mandatory since 31 March 2025 and tightened the language around recording. Any recording that captures sensitive authentication data after authorization completes is now an explicit control failure. An environment that depends on agent behavior to satisfy that rule has very little rope when a QSA finds the inevitable handful of recordings where the pause didn't fire cleanly. The reliable answer is to make sure the data isn't in the audio at all, which is what DTMF masking does architecturally.
Same outcome on paper — card data isn't in the recording. Different posture once a QSA starts pulling spectrograms.
Behavioral control
Architectural control
With pause-and-resume, the agent has to interrupt the conversation: “Let me just pause the recording — okay, please read me your card number now.” The flow breaks. The customer has to read the digits aloud while the agent listens and types. The agent then has to remember to press resume. The whole sequence depends on the agent doing four things in the right order.
With masking, the agent enters the amount in our terminal and presses one key — usually 729. The customer hears a short voice prompt asking them to enter their card on their handset. The agent stays on the line throughout. They can confirm the amount, answer questions, and handle objections in real time. They watch a progress indicator on screen — masked digits appear as the customer types, so they can see the capture is progressing without seeing the actual numbers. When the gateway returns an authorization, the agent picks up the conversation: “That's gone through, thanks — I'll email your receipt.”
The behavior change for the agent is genuinely small. A 15-minute team huddle covers it for most teams. There's no script change needed beyond a sentence introducing the capture, no pause-button muscle memory to retrain, and no compliance briefing about “what to do if you forget to press pause.” The data path doesn't require the agent to act correctly because the control isn't the agent any more.
If you want to see how this lands in your specific stack, the DTMF masking page walks through the audio interception in detail. If you'd rather see the variant where the agent steps off the audio entirely during capture, channel separation takes a slightly different route to the same compliance outcome.
We've been masking DTMF tones in real time since 2016. We're a PCI DSS Level 1 certified service provider and a Stripe partner. We support every major contact-center platform and most niche ones — Genesys, Five9, Amazon Connect, NICE CXone, 8x8, Talkdesk, RingCentral, 3CX, Avaya, Cisco, Mitel, and plain SIP trunks. Your gateway can be Stripe, Adyen, Braintree, Cybersource, NMI, Authorize.Net or any of the long tail — if it has an API, we talk to it.
The two numbers customers care about: PCI compliance costs falling 80 to 90 percent in the first year, and the audit itself going from a multi-week QSA engagement to a self-assessment. Omnichannel retailers in the Warby Parker style care about a third number — fewer chargebacks tied to disputed phone orders, because the call recording stays intact and the consent moment is unambiguous. The unmeasured benefit is that the “don't write that down” posters and the periodic spot-checks of the contact-center floor simply stop being needed. If there's no card data for an agent to mishandle, you don't need a program to stop them mishandling it.
We also run telephone payments, payment links for follow-up sales, and a full tokenization workflow if you want to set up recurring payments after the first capture. The point of moving off pause-and-resume isn't just to fix one weak control — it's to redesign the whole payment flow so the cardholder data environment shrinks to almost nothing.
Two things. First, it depends on the agent pressing pause before the customer reads their card number and resume after — every single call, every single time. Miss the pause once and that recording now contains a full PAN sitting in your archive, fully discoverable, fully in scope. Second, even when the agent does press pause perfectly, the data still reaches their ears, their screen, their workstation, and any QA platform that's pulling the live audio stream. The recording is one of several places the data lands; pause-and-resume only addresses one of them. Under PCI DSS 4.0 that gap is a control failure waiting for a QSA to find it.
Pause-and-resume is a behavioral control — the agent has to do the right thing. DTMF masking is an architectural control — the data physically can't reach the agent or the recording because we intercept the keypad tones in the audio path before either of them. The agent hears a flat replacement chirp, the recording captures the same flat chirp, and there are no card digits anywhere in your environment to start with. The control isn't 'remember to press pause' — the control is 'the data isn't here'. That's a different category of compliance posture.
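The claim that a masked recording holds only a flat tone can be checked rather than taken on trust. The following is an added example, not Paytia's code: a check an internal audit could run over archived call audio to flag any frame that still carries a keypad tone pair. It uses the standard DTMF frequency table with a Goertzel filter; the 1 kHz replacement tone and the synthesized sample audio are assumptions constructed for the demonstration.

```python
import math

RATE = 8000                      # telephony sample rate in Hz
FRAME = 205                      # about 25.6 ms per analysis block
ROWS = (697, 770, 852, 941)      # standard DTMF low-group tones
COLS = (1209, 1336, 1477, 1633)  # standard DTMF high-group tones

def goertzel_power(frame, freq):
    """Squared magnitude of the frame's spectrum at one frequency."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def dtmf_frames(samples, share=0.3):
    """Start times (seconds) of frames that carry a row tone AND a column tone.

    A keypad digit splits its energy about evenly between one row and one
    column frequency; a single flat tone or silence never satisfies both.
    """
    hits = []
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[start:start + FRAME]
        energy = sum(x * x for x in frame)
        if energy < 1e-9:
            continue  # silent frame
        scale = energy * FRAME / 2.0  # power a single pure tone would give
        row = max(goertzel_power(frame, f) for f in ROWS) / scale
        col = max(goertzel_power(frame, f) for f in COLS) / scale
        if row >= share and col >= share:
            hits.append(start / RATE)
    return hits

def tone(freqs, seconds, amp=0.4):
    """Synthesize a sum of sine waves (constructed test signal)."""
    n = int(RATE * seconds)
    return [amp * sum(math.sin(2 * math.pi * f * i / RATE) for f in freqs)
            for i in range(n)]

# Constructed audio: 0.1 s silence, 0.2 s of signal, 0.1 s silence.
SILENCE = [0.0] * 800
UNMASKED = SILENCE + tone((770, 1336), 0.2) + SILENCE  # one raw keypad tone pair
MASKED = SILENCE + tone((1000,), 0.2) + SILENCE        # assumed 1 kHz flat tone

if __name__ == "__main__":
    print("unmasked hits:", dtmf_frames(UNMASKED))
    print("masked hits:  ", dtmf_frames(MASKED))
```

The detector reports only where tone pairs occur, not which keys they encode, so the audit output itself carries no card data.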
No. The recording runs continuously from start to finish — the customer's voice, the agent's voice, and the flat replacement tones during the card entry. No silent gap, no explanation needed when QA pulls the call six months later, no awkward audit conversations about why the recording suddenly cuts out for 30 seconds. Continuous recording also matters for TCPA defense: when a consent or dispute issue surfaces, you want the whole call intact, not a recording that mysteriously goes quiet right where the transaction happened. Pause-and-resume creates exactly that gap; masking doesn't.
Pause-and-resume does nothing about it. The agent still hears the digits, can still write them down, can still take a phone photo of their screen. Most contact-center fraud doesn't come from external attackers — it comes from someone on the inside who can see or hear card data and chooses to misuse it. Once data reaches the agent's environment, no audit log will tell you whether a digit ended up in a notebook. The only reliable defense is making sure the data never reaches them, which is what masking does and pause-and-resume can't.
Yes. We don't replace your CCaaS, your gateway, your CRM, your QA platform or your headsets. We slot into the audio path between the customer and the agent and change one thing — what the agent and the recording hear during the seconds the card is being entered. Everything else carries on as before. Works with Genesys, Five9, Amazon Connect, NICE CXone, 8x8, Talkdesk, RingCentral, 3CX, Avaya, Cisco, Mitel and plain SIP trunks.
Most businesses move from SAQ D (329 controls covering the full cardholder data environment) to SAQ A (22 controls). The recording stops being in scope because there's no card data in it. The agent workstation stops being in scope because no card data reaches it. The CRM stops being in scope because the agent never has digits to paste. Most of your network drops out for the same reason. Pause-and-resume, by contrast, keeps you in SAQ D — the agent, the workstation, the live audio path and the QA platform all still touch card data.
Modern cloud CCaaS deployments are typically live in two to four business days. On-prem PBX integrations run five to ten business days. Plain SIP trunk setups can be live in two to three days. The bottleneck is almost always change-window approval on your side, not work on ours. Most of our customers report PCI compliance costs falling 80 to 90 percent in the first year after switching off pause-and-resume.
Book a 15-minute demo. We'll show you DTMF masking on a live call, walk through what changes in your recording and your PCI scope, and put together pricing based on your call volume. Or call us on +1 628 295 2250.
Trusted by US law firms, insurers, healthcare organizations and regulated businesses that can't afford to get compliance wrong. Learn more about Paytia